[strongSwan] Password protection on private key using PKI tool
driesm.michiels at gmail.com
driesm.michiels at gmail.com
Sat Mar 28 19:03:28 CET 2020
Andreas,
Yea that helps thanks!
Do you think this might be implemented in the PKI tool (pki --gen) at one
point?
Would be nice to get a coherent experience using the PKI tool. :-)
Mvg,
Dries
> -----Original Message-----
> From: Andreas Steffen <andreas.steffen at strongswan.org>
> Sent: zaterdag 28 maart 2020 8:59
> To: driesm.michiels at gmail.com; users at lists.strongswan.org
> Subject: Re: [strongSwan] Password protection on private key using PKI
tool
>
> Hi Dries,
>
> no the strongSwan pki tool does not support password protection of private
> keys. But after generating a key with e.g.
>
> pki --gen --type rsa --size 3072 --outform pem > key.pem
>
> you can protect it with a password using openssl:
>
> openssl rsa -in key.pem -aes256 -out key.pem
> Enter pass phrase for key.pem:
> ...
>
> The pki tool can load encrypted keys, though, e.g.
>
> pki --self --type rsa --in key.pem --dn "C=CH, O=Test, CN=Joe" \
> --outform pem > cert.pem
> Private key passphrase:
> ...
>
> Hope this helps!
>
> Andreas
>
> On 14.03.20 20:17, driesm.michiels at gmail.com wrote:
> > Hi Strongswan Mail list,
> >
> >
> >
> > This is a quick question regarding certificates/keys created with the
> > PKI tool.
> >
> > Does the PKI tool currently support password protection of private keys?
> >
> >
> >
> > This would mean that regardless of the key install on a client one
> > still needs the password to use them.
> >
> >
> >
> > Regards
> >
> > Dries
> ==================================================================
> ====
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution! www.strongswan.org
> Institute for Networked Solutions
> HSR University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[INS-
> HSR]==
More information about the Users
mailing list